Posté le 03-03-2005 à 17:48:47 voila j'ai le virus funner-A (w32.funner) et norton me l'a detecter eet il me dirige vers symantec
http://securityresponse.symantec.c [...] unner.html
et il me dise d'ajouter une valeur dans un dossier nommée winlogon que je n'ai pas
voila ce k'il dise :
When W32.Funner is executed, it performs the following actions:
Copies itself as:
%System%\IEXPLORE.EXE
%System%\EXPLORE.EXE or %System%\EXPLORER.EXE
%Windir%\rundll32.exe
%System%\userinit32.exe
c:\funny.exe
and executes the first three files listed.
Notes:
The three files make sure that the other two are running and will restart them if any are stopped.
These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.
%System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
Creates a log file named %System%\bsfirst2.log.
Adds the value:
"Userinit"="userinit32.exe,"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
so that the userinit32.exe runs when you start Windows.
Adds the value:
"MMSystem"="%Windir%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"
to some of the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the rundll32.exe runs when you start Windows.
May add the line:
Shell = %System%\explore.exe
to the [boot] section of the system.ini file.
Attempts to send c:\funny.exe to contacts in the Microsoft MSN Messenger instant message program.
May contact the www.78p.com domain and download various components.